Managing Group Policy on XP SP2

G

Guest

I updated our GPO on our Windows 2000 domain controllers with the latest ADM
files from XP SP2. I did this by opening up the GPO on a Windows XP Pro
workstation with SP2 and it automatically replicated the ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are replicating to the
Windows 2000 servers. For example, in the policy path "Administrative
Templates\Network\Network Connections\Windows Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the replication process?
It would be nice to be able to define program exceptions because there are a
couple programs within our environment that won't work unless we can exclude
them. It would be preferable to do this through GP instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
 
H

Hunter

You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter
 
G

Guest

Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I still
have the issue where not all the policies are showing up on the Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files on the
Windows 2000 server to see if that updates all the policies on the domain
controllers to match the same amount showing on the XP SP2 workstation.

I'll let you know how it goes.

Thanks

d mac
 
G

Guest

I imported the ADM files from the XP SP2 workstation and still some of the
policies are missing (as mentioned below). I even imported the ADM files
from the Microsoft website (at
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en) and still there are some missing.

It seems like there might be certain policies that aren't compatible with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

d mac said:
Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I still
have the issue where not all the policies are showing up on the Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files on the
Windows 2000 server to see if that updates all the policies on the domain
controllers to match the same amount showing on the XP SP2 workstation.

I'll let you know how it goes.

Thanks

d mac

Bruce Sanderson said:
http://support.microsoft.com/?kbid=842933 documents this problem and has a
patch available.
Click to expand...
Click to expand...
 
H

Hunter

Short of the first suggestion I had I guess you could try
The Knowledge Base Article - 323639 ( how to create Custom
Adm templates in windows 2000)

H




-----Original Message-----
Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I still
have the issue where not all the policies are showing up on the Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files on the
Windows 2000 server to see if that updates all the policies on the domain
controllers to match the same amount showing on the XP SP2 workstation.

I'll let you know how it goes.

Thanks

d mac

Bruce Sanderson said:
http://support.microsoft.com/?kbid=842933 documents this problem and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.




http://www.microsoft.com/technet/prodtechnol/winxppro/mai n
Click to expand...
.
Click to expand...
 
G

Guest

I've been facing the EXACT same issue since yesterday. If you come up with a
solution, it would be great to post it here. I'll do the same.

billj

d mac said:
I imported the ADM files from the XP SP2 workstation and still some of the
policies are missing (as mentioned below). I even imported the ADM files
from the Microsoft website (at
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en) and still there are some missing.

It seems like there might be certain policies that aren't compatible with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

d mac said:
Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I still
have the issue where not all the policies are showing up on the Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files on the
Windows 2000 server to see if that updates all the policies on the domain
controllers to match the same amount showing on the XP SP2 workstation.

I'll let you know how it goes.

Thanks

d mac

Bruce Sanderson said:
http://support.microsoft.com/?kbid=842933 documents this problem and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter



-----Original Message-----
I updated our GPO on our Windows 2000 domain controllers
with the latest ADM
files from XP SP2. I did this by opening up the GPO on a
Windows XP Pro
workstation with SP2 and it automatically replicated the
ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/main
tain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are
replicating to the
Windows 2000 servers. For example, in the policy
path "Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server
but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the
replication process?
It would be nice to be able to define program exceptions
because there are a
couple programs within our environment that won't work
unless we can exclude
them. It would be preferable to do this through GP
instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
.
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

I'm glad I'm not the only one. I will definitely know if I find any fixes.
For the time being, I'm enabling the policy through the workstation that has
XP SP2 and it seems to be applying through the domain controllers, however
the programs don't show up on the list in the Windows Firewall like I would
expect. Can you see if this is the same experience for you? I'm guessing
it's doing this because the policy isn't listed on the servers but still
affects the machines as a policy.

d mac


billj said:
I've been facing the EXACT same issue since yesterday. If you come up with a
solution, it would be great to post it here. I'll do the same.

billj

d mac said:
I imported the ADM files from the XP SP2 workstation and still some of the
policies are missing (as mentioned below). I even imported the ADM files
from the Microsoft website (at
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en) and still there are some missing.

It seems like there might be certain policies that aren't compatible with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

d mac said:
Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I still
have the issue where not all the policies are showing up on the Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files on the
Windows 2000 server to see if that updates all the policies on the domain
controllers to match the same amount showing on the XP SP2 workstation.

I'll let you know how it goes.

Thanks

d mac

:

http://support.microsoft.com/?kbid=842933 documents this problem and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter



-----Original Message-----
I updated our GPO on our Windows 2000 domain controllers
with the latest ADM
files from XP SP2. I did this by opening up the GPO on a
Windows XP Pro
workstation with SP2 and it automatically replicated the
ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/main
tain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are
replicating to the
Windows 2000 servers. For example, in the policy
path "Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server
but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the
replication process?
It would be nice to be able to define program exceptions
because there are a
couple programs within our environment that won't work
unless we can exclude
them. It would be preferable to do this through GP
instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
.
Click to expand...
Click to expand...
Click to expand...
 
D

Darren Mar-Elia

I just checked this out and found the same behavior on my Win2K machine when
viewing an XP, SP2 policy--specifically those two Windows Firewall policies:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
that you've found. I can see no reason, in looking at the ADM file, why they
should not appear. Maybe someone on this NG from Microsoft can check into
it?



--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Whitepapers and Utilities for all things Group Policy-related



d mac said:
I'm glad I'm not the only one. I will definitely know if I find any
fixes.
For the time being, I'm enabling the policy through the workstation that
has
XP SP2 and it seems to be applying through the domain controllers, however
the programs don't show up on the list in the Windows Firewall like I
would
expect. Can you see if this is the same experience for you? I'm guessing
it's doing this because the policy isn't listed on the servers but still
affects the machines as a policy.

d mac


billj said:
I've been facing the EXACT same issue since yesterday. If you come up
with a
solution, it would be great to post it here. I'll do the same.

billj

d mac said:
I imported the ADM files from the XP SP2 workstation and still some of
the
policies are missing (as mentioned below). I even imported the ADM
files
from the Microsoft website (at
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
and still there are some missing.

It seems like there might be certain policies that aren't compatible
with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

:

Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I
still
have the issue where not all the policies are showing up on the
Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files on
the
Windows 2000 server to see if that updates all the policies on the
domain
controllers to match the same amount showing on the XP SP2
workstation.

I'll let you know how it goes.

Thanks

d mac

:

http://support.microsoft.com/?kbid=842933 documents this problem
and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong
question.


You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter



-----Original Message-----
I updated our GPO on our Windows 2000 domain controllers
with the latest ADM
files from XP SP2. I did this by opening up the GPO on a
Windows XP Pro
workstation with SP2 and it automatically replicated the
ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/main
tain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are
replicating to the
Windows 2000 servers. For example, in the policy
path "Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server
but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the
replication process?
It would be nice to be able to define program exceptions
because there are a
couple programs within our environment that won't work
unless we can exclude
them. It would be preferable to do this through GP
instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
.
Click to expand...
Click to expand...
Click to expand...
 
K

Ken B

Here's another good question late in the game... well, maybe not so good of
a question... how can I manage domain group policies from my XP machine?
When I go Start>Run>gpedit.msc, the window I get says "Local policy". I
can't seem to run what I would think is gpmc.mmc/msc

It's something probably really simple I'm missing...

TIA

K

Darren Mar-Elia said:
I just checked this out and found the same behavior on my Win2K machine when
viewing an XP, SP2 policy--specifically those two Windows Firewall policies:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
that you've found. I can see no reason, in looking at the ADM file, why they
should not appear. Maybe someone on this NG from Microsoft can check into
it?



--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Whitepapers and Utilities for all things Group Policy-related



d mac said:
I'm glad I'm not the only one. I will definitely know if I find any
fixes.
For the time being, I'm enabling the policy through the workstation that
has
XP SP2 and it seems to be applying through the domain controllers, however
the programs don't show up on the list in the Windows Firewall like I
would
expect. Can you see if this is the same experience for you? I'm guessing
it's doing this because the policy isn't listed on the servers but still
affects the machines as a policy.

d mac


billj said:
I've been facing the EXACT same issue since yesterday. If you come up
with a
solution, it would be great to post it here. I'll do the same.

billj

:

I imported the ADM files from the XP SP2 workstation and still some of
the
policies are missing (as mentioned below). I even imported the ADM
files
from the Microsoft website (at
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
and still there are some missing.

It seems like there might be certain policies that aren't compatible
with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

:

Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I
still
have the issue where not all the policies are showing up on the
Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files on
the
Windows 2000 server to see if that updates all the policies on the
domain
controllers to match the same amount showing on the XP SP2
workstation.

I'll let you know how it goes.

Thanks

d mac

:

http://support.microsoft.com/?kbid=842933 documents this problem
and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong
question.


You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter



-----Original Message-----
I updated our GPO on our Windows 2000 domain controllers
with the latest ADM
files from XP SP2. I did this by opening up the GPO on a
Windows XP Pro
workstation with SP2 and it automatically replicated the
ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/main
tain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are
replicating to the
Windows 2000 servers. For example, in the policy
path "Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server
but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the
replication process?
It would be nice to be able to define program exceptions
because there are a
couple programs within our environment that won't work
unless we can exclude
them. It would be preferable to do this through GP
instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
.
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

You might check to see that you have the latest copy of the GP Management
Console on your XP workstation:

http://www.microsoft.com/downloads/...24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

Ken B said:
Here's another good question late in the game... well, maybe not so good of
a question... how can I manage domain group policies from my XP machine?
When I go Start>Run>gpedit.msc, the window I get says "Local policy". I
can't seem to run what I would think is gpmc.mmc/msc

It's something probably really simple I'm missing...

TIA

K

Darren Mar-Elia said:
I just checked this out and found the same behavior on my Win2K machine when
viewing an XP, SP2 policy--specifically those two Windows Firewall policies:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
that you've found. I can see no reason, in looking at the ADM file, why they
should not appear. Maybe someone on this NG from Microsoft can check into
it?



--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Whitepapers and Utilities for all things Group Policy-related



d mac said:
I'm glad I'm not the only one. I will definitely know if I find any
fixes.
For the time being, I'm enabling the policy through the workstation that
has
XP SP2 and it seems to be applying through the domain controllers, however
the programs don't show up on the list in the Windows Firewall like I
would
expect. Can you see if this is the same experience for you? I'm guessing
it's doing this because the policy isn't listed on the servers but still
affects the machines as a policy.

d mac


:

I've been facing the EXACT same issue since yesterday. If you come up
with a
solution, it would be great to post it here. I'll do the same.

billj

:

I imported the ADM files from the XP SP2 workstation and still some of
the
policies are missing (as mentioned below). I even imported the ADM
files
from the Microsoft website (at
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
and still there are some missing.

It seems like there might be certain policies that aren't compatible
with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

:

Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I
still
have the issue where not all the policies are showing up on the
Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files on
the
Windows 2000 server to see if that updates all the policies on the
domain
controllers to match the same amount showing on the XP SP2
workstation.

I'll let you know how it goes.

Thanks

d mac

:

http://support.microsoft.com/?kbid=842933 documents this problem
and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong
question.


You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter



-----Original Message-----
I updated our GPO on our Windows 2000 domain controllers
with the latest ADM
files from XP SP2. I did this by opening up the GPO on a
Windows XP Pro
workstation with SP2 and it automatically replicated the
ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/main
tain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are
replicating to the
Windows 2000 servers. For example, in the policy
path "Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server
but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the
replication process?
It would be nice to be able to define program exceptions
because there are a
couple programs within our environment that won't work
unless we can exclude
them. It would be preferable to do this through GP
instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
.
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

Hi Ken

On your XP machine, go to Start > Run > type in MMC and hit enter. Go to
the File menu and select Add/Remove Snap-in. Click the Add button > scroll
through the list and select Group Policy > click Add. You can then click
Browse and look for the domain policy that you want to edit, select it, click
OK > Finish > Close > OK. Then you should see the Policy listed in the
management console.

d mac

Ken B said:
Here's another good question late in the game... well, maybe not so good of
a question... how can I manage domain group policies from my XP machine?
When I go Start>Run>gpedit.msc, the window I get says "Local policy". I
can't seem to run what I would think is gpmc.mmc/msc

It's something probably really simple I'm missing...

TIA

K

Darren Mar-Elia said:
I just checked this out and found the same behavior on my Win2K machine when
viewing an XP, SP2 policy--specifically those two Windows Firewall policies:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
that you've found. I can see no reason, in looking at the ADM file, why they
should not appear. Maybe someone on this NG from Microsoft can check into
it?



--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Whitepapers and Utilities for all things Group Policy-related



d mac said:
I'm glad I'm not the only one. I will definitely know if I find any
fixes.
For the time being, I'm enabling the policy through the workstation that
has
XP SP2 and it seems to be applying through the domain controllers, however
the programs don't show up on the list in the Windows Firewall like I
would
expect. Can you see if this is the same experience for you? I'm guessing
it's doing this because the policy isn't listed on the servers but still
affects the machines as a policy.

d mac


:

I've been facing the EXACT same issue since yesterday. If you come up
with a
solution, it would be great to post it here. I'll do the same.

billj

:

I imported the ADM files from the XP SP2 workstation and still some of
the
policies are missing (as mentioned below). I even imported the ADM
files
from the Microsoft website (at
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
and still there are some missing.

It seems like there might be certain policies that aren't compatible
with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

:

Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I
still
have the issue where not all the policies are showing up on the
Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files on
the
Windows 2000 server to see if that updates all the policies on the
domain
controllers to match the same amount showing on the XP SP2
workstation.

I'll let you know how it goes.

Thanks

d mac

:

http://support.microsoft.com/?kbid=842933 documents this problem
and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong
question.


You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter



-----Original Message-----
I updated our GPO on our Windows 2000 domain controllers
with the latest ADM
files from XP SP2. I did this by opening up the GPO on a
Windows XP Pro
workstation with SP2 and it automatically replicated the
ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/main
tain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are
replicating to the
Windows 2000 servers. For example, in the policy
path "Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server
but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the
replication process?
It would be nice to be able to define program exceptions
because there are a
couple programs within our environment that won't work
unless we can exclude
them. It would be preferable to do this through GP
instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
.
Click to expand...
Click to expand...
Click to expand...
 
B

Bruce Sanderson

Hmm. I see this also, even with the latest version of GPMC on Windows 2003
Enterprise Server (RTM), but after installing hotfix 842933, the two missing
settings show up in the Group Policy Editor.

But, the corresponding version of the hotfix for Windows 2000 post SP3
(installed on a Windows 2000 Standard Server with SP4) DID NOT correct the
problem there.


--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


Darren Mar-Elia said:
I just checked this out and found the same behavior on my Win2K machine
when viewing an XP, SP2 policy--specifically those two Windows Firewall
policies:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

do not appear if I view the GPO from Win2K. Frankly, I think this is a bug
that you've found. I can see no reason, in looking at the ADM file, why
they should not appear. Maybe someone on this NG from Microsoft can check
into it?



--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information
Hub:
FAQs, Whitepapers and Utilities for all things Group Policy-related



d mac said:
I'm glad I'm not the only one. I will definitely know if I find any
fixes.
For the time being, I'm enabling the policy through the workstation that
has
XP SP2 and it seems to be applying through the domain controllers,
however
the programs don't show up on the list in the Windows Firewall like I
would
expect. Can you see if this is the same experience for you? I'm
guessing
it's doing this because the policy isn't listed on the servers but still
affects the machines as a policy.

d mac


billj said:
I've been facing the EXACT same issue since yesterday. If you come up
with a
solution, it would be great to post it here. I'll do the same.

billj

:

I imported the ADM files from the XP SP2 workstation and still some of
the
policies are missing (as mentioned below). I even imported the ADM
files
from the Microsoft website (at
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
and still there are some missing.

It seems like there might be certain policies that aren't compatible
with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

:

Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in the
[strings] section is too long and has been truncated" errors. But I
still
have the issue where not all the policies are showing up on the
Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files
on the
Windows 2000 server to see if that updates all the policies on the
domain
controllers to match the same amount showing on the XP SP2
workstation.

I'll let you know how it goes.

Thanks

d mac

:

http://support.microsoft.com/?kbid=842933 documents this problem
and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong
question.


You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter



-----Original Message-----
I updated our GPO on our Windows 2000 domain controllers
with the latest ADM
files from XP SP2. I did this by opening up the GPO on a
Windows XP Pro
workstation with SP2 and it automatically replicated the
ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/main
tain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are
replicating to the
Windows 2000 servers. For example, in the policy
path "Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server
but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the
replication process?
It would be nice to be able to define program exceptions
because there are a
couple programs within our environment that won't work
unless we can exclude
them. It would be preferable to do this through GP
instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
.
Click to expand...
Click to expand...
Click to expand...
 
B

Bruce Sanderson

See http://support.microsoft.com/?kbid=873449 for an explanation.

--
Bruce Sanderson MVP

It is perfectly useless to know the right answer to the wrong question.


Bruce Sanderson said:
Hmm. I see this also, even with the latest version of GPMC on Windows
2003 Enterprise Server (RTM), but after installing hotfix 842933, the two
missing settings show up in the Group Policy Editor.

But, the corresponding version of the hotfix for Windows 2000 post SP3
(installed on a Windows 2000 Standard Server with SP4) DID NOT correct the
problem there.


--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


Darren Mar-Elia said:
I just checked this out and found the same behavior on my Win2K machine
when viewing an XP, SP2 policy--specifically those two Windows Firewall
policies:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

do not appear if I view the GPO from Win2K. Frankly, I think this is a
bug that you've found. I can see no reason, in looking at the ADM file,
why they should not appear. Maybe someone on this NG from Microsoft can
check into it?



--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information
Hub:
FAQs, Whitepapers and Utilities for all things Group Policy-related



d mac said:
I'm glad I'm not the only one. I will definitely know if I find any
fixes.
For the time being, I'm enabling the policy through the workstation that
has
XP SP2 and it seems to be applying through the domain controllers,
however
the programs don't show up on the list in the Windows Firewall like I
would
expect. Can you see if this is the same experience for you? I'm
guessing
it's doing this because the policy isn't listed on the servers but still
affects the machines as a policy.

d mac


:

I've been facing the EXACT same issue since yesterday. If you come up
with a
solution, it would be great to post it here. I'll do the same.

billj

:

I imported the ADM files from the XP SP2 workstation and still some
of the
policies are missing (as mentioned below). I even imported the ADM
files
from the Microsoft website (at
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
and still there are some missing.

It seems like there might be certain policies that aren't compatible
with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

:

Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in
the
[strings] section is too long and has been truncated" errors. But
I still
have the issue where not all the policies are showing up on the
Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files
on the
Windows 2000 server to see if that updates all the policies on the
domain
controllers to match the same amount showing on the XP SP2
workstation.

I'll let you know how it goes.

Thanks

d mac

:

http://support.microsoft.com/?kbid=842933 documents this problem
and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong
question.


You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter



-----Original Message-----
I updated our GPO on our Windows 2000 domain controllers
with the latest ADM
files from XP SP2. I did this by opening up the GPO on a
Windows XP Pro
workstation with SP2 and it automatically replicated the
ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/main
tain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are
replicating to the
Windows 2000 servers. For example, in the policy
path "Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server
but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the
replication process?
It would be nice to be able to define program exceptions
because there are a
couple programs within our environment that won't work
unless we can exclude
them. It would be preferable to do this through GP
instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
.
Click to expand...
Click to expand...
Click to expand...
 
B

Bruce Sanderson

PS: a link to http://support.microsoft.com/?kbid=873449 has been added to KB
article 842933 (right near the end under More Information).

--
Bruce Sanderson MVP

It is perfectly useless to know the right answer to the wrong question.


Bruce Sanderson said:
Hmm. I see this also, even with the latest version of GPMC on Windows
2003 Enterprise Server (RTM), but after installing hotfix 842933, the two
missing settings show up in the Group Policy Editor.

But, the corresponding version of the hotfix for Windows 2000 post SP3
(installed on a Windows 2000 Standard Server with SP4) DID NOT correct the
problem there.


--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


Darren Mar-Elia said:
I just checked this out and found the same behavior on my Win2K machine
when viewing an XP, SP2 policy--specifically those two Windows Firewall
policies:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

do not appear if I view the GPO from Win2K. Frankly, I think this is a
bug that you've found. I can see no reason, in looking at the ADM file,
why they should not appear. Maybe someone on this NG from Microsoft can
check into it?



--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information
Hub:
FAQs, Whitepapers and Utilities for all things Group Policy-related



d mac said:
I'm glad I'm not the only one. I will definitely know if I find any
fixes.
For the time being, I'm enabling the policy through the workstation that
has
XP SP2 and it seems to be applying through the domain controllers,
however
the programs don't show up on the list in the Windows Firewall like I
would
expect. Can you see if this is the same experience for you? I'm
guessing
it's doing this because the policy isn't listed on the servers but still
affects the machines as a policy.

d mac


:

I've been facing the EXACT same issue since yesterday. If you come up
with a
solution, it would be great to post it here. I'll do the same.

billj

:

I imported the ADM files from the XP SP2 workstation and still some
of the
policies are missing (as mentioned below). I even imported the ADM
files
from the Microsoft website (at
http://www.microsoft.com/downloads/...4b-7112-4b6c-ad4a-bbf3802a5c9b&DisplayLang=en)
and still there are some missing.

It seems like there might be certain policies that aren't compatible
with
Windows 2000 Server. Does anyone know what I should try next?

Thanks,

d mac

:

Hi there,

I downloaded the 842933 patch before opening the GPO on the XP SP2
workstation, so I haven't had any of the "The following entry in
the
[strings] section is too long and has been truncated" errors. But
I still
have the issue where not all the policies are showing up on the
Windows 2000
Server vs. the XP SP2 workstation. Is this a known issue?

I will try Hunter's suggestion on manually importing the ADM files
on the
Windows 2000 server to see if that updates all the policies on the
domain
controllers to match the same amount showing on the XP SP2
workstation.

I'll let you know how it goes.

Thanks

d mac

:

http://support.microsoft.com/?kbid=842933 documents this problem
and has a
patch available.

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong
question.


You might try gathering up the XP .adm templates, copying
them to temp folder on the 2000 DC. Then opening the A/D
Group policy on the 2000 box right click on the
Admisitrative templates container, choose add snap-in.

It'll show the ones currently in use in the wnnt/inf
folder, Browse over to the new ones in the temp folder
and select add, it should ask you about overwriting etc.

Choose yes.

Once the new ones are copied in you will probably get a
bunch messages stating the new ones are too long or
something, but you'll have to hunt down an update for this
I think I found it at microsoft tech experts page on XP,
but it didn't seem to want to be found with search.

Anyways, maybe that will help.

Regards

Hunter



-----Original Message-----
I updated our GPO on our Windows 2000 domain controllers
with the latest ADM
files from XP SP2. I did this by opening up the GPO on a
Windows XP Pro
workstation with SP2 and it automatically replicated the
ADM files to our
domain controllers. See document at
http://www.microsoft.com/technet/prodtechnol/winxppro/main
tain/mangxpsp2/mngdepgp.mspx

However, it seems like not all of the ADM files are
replicating to the
Windows 2000 servers. For example, in the policy
path "Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile" there
are only 12 policies listed on the Windows 2000 Server
but on the XP SP2 box,
there are 14 policies. The two that are missing are:

Windows Firewall: Define program exceptions
Windows Firewall: Define port exceptions

Is this by design or is there something wrong with the
replication process?
It would be nice to be able to define program exceptions
because there are a
couple programs within our environment that won't work
unless we can exclude
them. It would be preferable to do this through GP
instead of manually going
to each machine and defining the program exceptions.

Thanks,

d mac
.
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows 2003 Group Policy 2
.ADM file versions are different or not there 2
GPO that disables XP Firewall 6
Windows XP SP2 firewall port exceptions via Group Policy failing 4
Updated Policy Issue 3
Problem with "Upgrading Windows 2000 Group Policy for Windows XP" 1
XPSP2 Windows Firewall Group Policy not being applied 12
Default domain policy is corrupt! help 3

Top